Because official Native Client releases only allow execution of code
served from localhost, we do not expect this vulnerability to cause
problems in the wild. We have fixed it for the next Native Client
release. However, if any users have disabled or worked around the
localhost restriction, they should update past r1313 and recompile.
This does not affect ARM.
More details and a brief postmortem here:
http://code.google.com/p/nativeclient/issues/detail?id=245
--
Cliff L. Biffle
Native Client Team
Google, Inc.